How Could NSA Contractor Harold Martin Have Been Taking Home Classified Info For 20 Years Without NSA Noticing?
from the seems-like-an-important-question dept
A few weeks back, we wrote about the arrest of Harold Martin, an NSA contractor working at Booz Allen, for apparently taking "highly classified information" from the NSA and storing it electronically and physically in his home. There were a lot of questions about whether or not Martin was connected to the Shadow Brokers release of NSA hacking tools, though as more info comes out, it sounds like perhaps Martin was just found because of an investigation into Shadow Brokers, but not because he was connected to them. Soon after the arrest was made public (after being kept sealed for a little over a month), reports came out suggesting that Martin was basically a digital hoarder, but not a leaker (or a whistleblower).
The latest filing by the government in the case gives you a sense of just how much hoarding was done. Basically, it sounds like Martin has been taking a variety of digital and paper files home for two decades or so. There's a lot of stuff.
The Defendant stole from the government and hid at his residence and in his vehicle a vast amount of irreplaceable classified information. His thefts involved classified government materials that were dated from 1996 through 2016, spanning two decades’ worth of extremely sensitive information.
Now, it may be that he did the taking more recently and just took old documents, but that 1996 date coincides with when he first got access to such material:
The Defendant had access to classified information, including Top Secret information, beginning in 1996. His access to classified information began during his service in the U.S. Naval Reserves, and continued as he worked for seven different private government contracting companies. Access to classified information was critical to the Defendant’s employment in his field. He worked on highly classified, specialized projects and was entrusted with access to government computer systems, programs and information.
The government estimates 50 terabytes of data, but admits it's still going through all of it to figure out what is in there.
During execution of the search warrants, investigators seized thousands of pages of documents and dozens of computers and other digital storage devices and media containing, conservatively, fifty terabytes of information....
[....]
A conservative estimate of the volume of the digital information seized from the Defendant is approximately 50,000 gigabytes. This information must be fully reviewed by appropriate authorities to determine its source and classification level, as well as the extent to which it constitutes “national defense information.” The investigation into the Defendant’s unlawful activities is ongoing, including review of the stolen materials by appropriate authorities. The government anticipates that much of this material will be determined to be national defense information that the government goes to great expense to protect.
Of course, some in the press are claiming, incorrectly, that this means Martin took 500 million pages of records and secrets, but we don't know that yet. The DOJ admits it's still going through everything, and has no idea how much of it is secret (or even how much of it is from the government).
Martin, at the very least, does appear to have been... kind of careless with some of this stuff:
For example, the search of the Defendant’s car revealed a printed email chain marked as “Top Secret” and containing highly sensitive information. The document appears to have been printed by the Defendant from an official government account. On the back of the document are handwritten notes describing the NSA’s classified computer infrastructure and detailed descriptions of classified technical operations. The handwritten notes also include descriptions of the most basic concepts associated with classified operations, as if the notes were intended for an audience outside of the Intelligence Community unfamiliar with the details of its operations.
Among the many other classified documents found in the Defendant’s possession was a document marked as “Top Secret/Sensitive Compartmented Information” (“TS/SCI”) regarding specific operational plans against a known enemy of the United States and its allies. In addition to the classification markings, the top of the document reads “THIS CONOP CONTAINS INFORMATION CONCERNING EXTREMELY SENSITIVE U.S. PLANNING AND OPERATIONS THAT WILL BE DISCUSSED AND DISSEMINATED ONLY ON AN ABSOLUTE NEED TO KNOW BASIS. EXTREME OPSEC PRECAUTIONS MUST BE TAKEN.” The Defendant was not directly involved in this operation and had no need to know about its specifics or to possess this document.
Of course, the usual caveat does apply: this is the DOJ's side of the story, and history tells us they have a habit of massively inflating things or misrepresenting things in these kinds of cases. That includes over-classification or other exaggerations about how serious, important, or secret certain information truly is. So, take the DOJ's claims with at least some grain of salt here. It will certainly be interesting to see how Martin responds to all of this.
The other interesting, and potentially troubling part, is that it appears the DOJ is moving to charge Martin under the Espionage Act. When the initial charge sheet came out, some people noticed that it didn't include Espionage Act charges, which even Ed Snowden pointed out was a "noteworthy absence." At the very least, it implied no distribution by Martin.
However, the latest filing makes it clear the lack of Espionage Act charges was a temporary thing that the DOJ is planning to correct soon. But here's the really crazy bit: the government is arguing that merely collecting this info is an Espionage Act violation, even without distributing it.
The improper retention and transmission of national defense information is prohibited under the Espionage Act. See, e.g., 18 U.S.C. § 793 (Gathering, Transmitting or Losing Defense Information). Information about sources and methods of the Intelligence Community, such as the information in the documents described above, and in the criminal complaint, is classic national defense information. See Gorin v. United States, 312 U.S. 19, 28 (1941) (information relating to the national defense is “a generic concept of broad connotations, referring to the military and naval establishments and the related activities of national preparedness.”). In this case, when an indictment or information is filed, the government anticipates that the charges will include violations of the Espionage Act, an offense that carries significantly higher statutory penalties and advisory guideline ranges than the charges listed in the complaint.
You can check out 18 USC 793 yourself. It's noteworthy that most of it requires intent or belief that the information is being used to harm the US, or distribution, but it's likely that the DOJ is leaning hard on section (f):
Whoever, being entrusted with or having lawful possession or control of any document, writing, code book, signal book, sketch, photograph, photographic negative, blueprint, plan, map, model, instrument, appliance, note, or information, relating to the national defense, (1) through gross negligence permits the same to be removed from its proper place of custody or delivered to anyone in violation of his trust, or to be lost, stolen, abstracted, or destroyed, or (2) having knowledge that the same has been illegally removed from its proper place of custody or delivered to anyone in violation of its trust, or lost, or stolen, abstracted, or destroyed, and fails to make prompt report of such loss, theft, abstraction, or destruction to his superior officer
Still... this once again seems like a stretch under the Espionage Act. If it's true that Martin was just hoarding the information (even carelessly), it's overkill to bust out the Espionage Act. If true, it would be stupid, but it's clearly not spying for the purpose of helping a foreign nation or anything.
One final thing, though. Fifty terabytes is a shitload of information. How the hell did the NSA not notice this over the past two decades? Even assuming (which is a pretty bad assumption) that the NSA was not as good at protecting its secrets prior to the Snowden leaks, once Snowden's leak was public, how the hell did the NSA still not notice what Martin had done (or, potentially, was continuing to do)? If anything, this raises a hell of a lot more questions about the NSA's own security practices than anything about Martin himself.
Filed Under: espionage act, harold martin, nsa
Reader Comments
Even at 5TB apiece that's 10 drives full. Over the past 20 years when drives were a mere 40 gig.... that number does not make sense. He'd be using HDDs as coasters going back that far.
Re: 50TB, 20 years
Re:
* an 8 TB NAS drive
* a couple of terabyte hard disks
* several more TB of laptop drives from laptops of dubious functioning
* a dozen maybe functional desktops, hard disks uninventoried "but assumed to be at least a terabyte each" (despite them being 80386 and Pentium systems).
* a moderate sized box of USB sticks ( call it 50 x 4GB for another couple of TB)
* a couple boxes of RW DVDs ( 4GB x 400 for another 1.5 TB (!) )
* a xerox paper box of 3.5" floppies ( 1.4GB x 200 for another 8 TB because, y'know, math is hard for the DOJ)
* a set of reel-to-reel backup tapes (hey, those gotta hold a lot, right?) from 1995
* 3 boxes of cryptically labeled VHS tapes (because, hacker, right?) from/to someone probably named Debbie from West Palm Beach, from spring break... and so on.
... and all of it CLASSIFIED!!! because of course anything he ever touched became classified the moment the indictment came down.
Boy, he was a clever B***td, using steganography to hide data in these movies. I'd better watch them all, just to be on the safe side...
Martin for President 2016
Re: Martin for President 2016
NSA failure explained
We should absolutely assume that everyone else's intelligence organizations have buffet-level access to all information as well.
50 TB
50 TB is the estimate of the amount of data seized, not the amount of data copied from NSA. It's likely they seized every storage device they could find, and lots of people have 50 TB sitting around the house (these days, it could just be an 8-bay NAS, about $2000-$3000 with drives; not a big deal for a technical person with a good job).
So many things wrong in the government's release...
First, the big political one: he should have known to remove the classified markings from everything. As we learned this year on the presidential campaign trail, if it "is not marked as classified", keeping the material in an insecure setting is fine and results in, at most, loss of clearance and a bit of public embarrassment, but no charges. Mr. Comey himself indicated no prosecution can be expected to result from that type of conduct.
Someone has been drinking a bit too much Copyright Kool-Aid here. If the government really kept exactly one copy of this irreplaceable classified information, that statement could be true, but how then did it take them years to realize that they had zero copies on hand (because the one copy in existence was at his home) when they should have had one copy on hand? If they did not keep exactly one copy, then the information is not irreplaceable. It could be highly sensitive, dangerous in the wrong hands, etc., but it is not irreplaceable.
So, if the Defendant had no need to know about the operation, and the document is to be distributed ONLY ON AN ABSOLUTE NEED TO KNOW BASIS, then how did Defendant come to possess it? That would seem to suggest he had access to materials that he had no need to know about, even when those materials are documented as being restricted to those who need to know about them. That would mean internal security is not properly enforced. That cannot be right. ;)
Re: So many things wrong in the government's release...
Re: So many things wrong in the government's release...
Do you really think that those with a need to know actually typed out their own documents? Many a lowly secretary, who those in power consider to be a replaceable nobody, will have handled those documents.
Re: Re: So many things wrong in the government's release...
According to the document itself, only those with a need-to-know should know about it, so yes, they typed it up themselves or found a way to claim that their secretary (technically, "administrative assistant") needed to know so that the AA could type it up for them. Either way, Mr. Martin was not an AA to people who needed to know, so even that loophole cannot justify why he had access to a need-to-know document if he did not need to know.
If it was irreplaceable then why did it take so long to notice it was gone? Are they seriously saying he took the only copy and no one noticed?
If it was truly irreplaceable then why did no one notice it was gone? Are they saying he took the only copy and no one noticed?
If it is all text, just how many man working lives, at 40 hours a week for 50 years, would it take to read it all?
Most likely, they just took everything electronic in the residence, whether or not it had anything classified in it, and said he had 50 terabytes of potential classified information that they confiscated.
I Could See This Happening
In my mind this guy was good at his job, and his supervisors turned a blind eye to his actions. Maybe they knew, or maybe they didn't, but I can guarantee you that not one of his supervisors would admit to knowing anything about his actions.
How good of a government employee I'm not sure, but we will be able to tell soon, because the first job of any good government employee is to create your CYA file. I knew of some people who had many cabinet drawers full of pictures, memos, emails, and all kinds of evidence covering their actions.
The cardinal rule of government employment is to never do anything unless you have it in writing. Those who don't follow this rule become scapegoats, and are crucified in the audits and cover-ups that are common in government.
how could he have done it ? ? ?
Re: how could he have done it ? ? ?
Richard Hansen, the FBI spy, had so many red flags that it was impossible not to know he was leading a double life. Suddenly it became useful for someone to actually act on that knowledge. Either that, or the entire upper third of the FBI should be dismissed for incompetence. Or perhaps both.
I just don't automatically believe the government's narrative anymore without a doubt when it comes to stuff like this. Considering how often they later get exposed as making it all up, lying to cover their asses, or to simply ruin someone they don't like for whatever reason.
Simply put, they've been too busy spying on the rest of us.
The bottom line
Duh.
Perhaps he didn't tell anyone.
This guy should be running the NSA, not prosecuted.
Section (f)
Re: Section (f)
If you are rich the courts won't touch you.
Re: Section (f)
Because she said she didn't "intend" to do anything wrong and she apologized, anything else - she "can't recall"...
Maybe he really is crazy
What, no backups?
The NSA should thank Martin for providing the only backup for their classified information.
So why do we need Bluffdale?
Waste not, ...
You know nothing
They all lie and all support Fascist Democrats.
They all lie and all support Fascist Democrats.
It is impossible to get a man to understand something when his Paycheck depends entirely upon him not understanding.
They all lie and all support Fascist Democrats. This is how NAZIs stole Germany.
It is impossible to get a man to understand something when his Paycheck depends entirely upon him not understanding.
IdiOT
N.P.